What happened at Equifax and how can you protect yourself

POSTED BYEric Rosenberg

On September 7, 2017, Equifax announced that its massive database of consumer credit data was breached. If you had never heard of Equifax before, you may be in for a surprise.

Equifax is one of three companies that keeps a copy of your credit history, which includes your name, address, social security number, phone number, and in some cases even account numbers. Today, let’s take a look at who Equifax is, what happened, and how you can always stay vigilant against identity theft and fraud.

Who are the major credit bureaus and what do they do?

Every time you apply for credit, the lender looks up your credit score and credit report. This reporting is handled by three large companies: Experian, Equifax, and TransUnion. Known as the credit reporting bureaus, you are a customer of these companies whether you like it or not.

Every month, your banks and credit card companies provide payment and account status updates to at least one of the three credit bureaus. Whether you paid on time, paid late, missed the payment, or no payment was due, it is added to your credit file. Using all of the details from the lenders, these three bureaus create your credit report and credit score.

How did my information get leaked at Equifax?

According to Equifax, in mid-May 2017 hackers breached Equifax servers and begin to steal sensitive personal information. The theft continued into July, when Equifax updated its security and stopped the breach. The public was not informed until September 7, four months after the initial breach began and two months after the issue was fixed.

While the massive initial breach, which leaked information for 143 million Americans, was still in the headlines, Equifax admitted to another breach that took place in March. Even after the March hack, which was previously undisclosed, Equifax allowed the second, larger hack to happen.

Equifax uses a software program called Apache Struts in its web servers. Apache Struts had a known vulnerability that Apache offered a fix for more than two months before the major hack began. Equifax had months to solve the problem but took no action. It was not until the company found that data was already compromised that the patch was implemented. This nonchalant response led to the worst data security theft in United States history.

As a response, the head of security at Equifax, an executive with a music degree, not a computer science degree or anything related to security, was fired from her position. Shortly after, the CEO of Equifax was fired, but he still walked away with a $90 million golden parachute payment on his exit. The rest of us are stuck trying to keep our information safe and avoid identity theft.

Steps to prevent fraud and stay safe from identity theft

Virtually every American adult with any credit card or loan in the last ten years has a credit report with Equifax, so most of us can safely assume we were victims of the breach. To be certain, you can head to this Equifax website to find out for sure.

Equifax is offering a year of its identity theft service for free to victims of the breach, but there are other options available at no cost where you don’t have to sign up with Equifax. I would rather trust to a company that didn’t just leak everything needed to open a credit card under my name.

The best option is to stay vigilant and sign up for free credit monitoring from one of a handful of providers. Some favorites are free credit score websites Credit Karma and Credit Sesame or password security tool LastPass, which also offers credit report monitoring.

With credit report monitoring, every time a change is made on your credit report, such as a paid off balance, new credit application, or new credit account, you get an instant notification. If it was activity that you did yourself, you have nothing to worry about. If it is unrecognized, you can quickly act to shut down the account and prevent further fraud.

If you want to lock your account down completely, you have a more secure option but it also requires some expense and extra work on your part. You can lock your credit at any of the major three bureaus, but for maximum protection may want to lock your credit at all three. Depending on your state, the fee is up to $10.

Once your credit is locked, each time you want to apply for new credit you have to unlock your credit. You can generally do this for a specific period of time, for example 48 hours, during which you can apply for a new loan or credit card. Each time you unlock, expect another fee of up to $10.

Because locking your credit costs money and is a bit of a hassle, unless you are already a victim of identity theft or suspect an identity theft is coming soon, you may prefer to just sign up for monitoring. However, if you feel better keeping your credit on lock-down, there is no harm outside of a little extra time and money when you apply for future credit accounts.

Always stay aware and alert

The best defense against identity theft is keeping your information as safe and secure as possible. Unfortunately for all of us, the cat is already out of the bag in this case. Unless the government issues everyone a new social security number or all lenders join in a PIN based security system, it is important that every American consumer stay appraised of what is happening on their credit reports.

A little effort to sign up for free credit monitoring might just save you hours of work and thousands of dollars in expenses in the future. Always do everything you can to keep your credit secure and respond quickly when suspicious activity appears. If you do, you have little to worry about.